# -*- coding: utf-8 -*-
'''
    Author: hkk
'''
from django.shortcuts import render, render_to_response, reverse
from django.http import HttpResponseRedirect, HttpResponse
from django.contrib import auth
from accounts.forms import LoginForm, UserForm
from django.conf import settings
from accounts.models import User
from commons.paginator import paginator
from django.contrib.auth.models import Group, Permission
import json, collections
from django.contrib.auth.decorators import permission_required, login_required, user_passes_test
from django.contrib.auth import authenticate, login as auth_login, logout as auth_logout
from django.contrib.auth.hashers import make_password, check_password
import ldap



def login_ldap(username, password):
    try:
        conn = ldap.initialize("ldap://192.168.99.79:389")
        conn.protocol_version = ldap.VERSION3
        target="uid=" + username + "," + "ou=People,dc=suncreate,dc=com"
        baseDN = "ou=People,dc=suncreate,dc=com"
        searchScope = ldap.SCOPE_SUBTREE
        #过滤哪个用户
        searchFilter = 'uid='+ username
         # None表示搜索所有属性，['cn']表示只搜索cn属性
        retrieveAttributes = None
        conn.set_option(ldap.OPT_REFERRALS, 0)
        if conn.simple_bind_s(target,password):
                #调用search方法返回结果id
                ldap_result_id = conn.search(baseDN, searchScope, searchFilter, retrieveAttributes)
                result_set = []
                while 1:
                    result_type, result_data = conn.result(ldap_result_id, 0)
                    if(result_data == []):
                        break
                    else:
                        if result_type == ldap.RES_SEARCH_ENTRY:
                            result_set.append(result_data)
                Name,Attrs = result_set[0][0]
                #print(Name)
                #print(Attrs)
                name = Attrs['cn'][0]
                password1=make_password(password)
                user=User.objects.filter(username=username)
                if user:
                    userpwd=User.objects.get(username=username)
                    userpwd.set_password(password)
                    userpwd.save()
                else:
                   #本地mysql新增ldap用户
                   User.objects.create(username=username,fullname=name,mobile='15288888888',password=password1)
                   #默认用户加到研发组
                   user=User.objects.get(username=username)
                   user.groups.clear()
                   groups=['2']
                   user.groups.add(*groups)
                return 1
        else:
            return 0
    except ldap.INVALID_CREDENTIALS as e:
        print(e)
        return 0

def login(request):
    if request.user.is_authenticated():
         return HttpResponseRedirect('/')

    if request.method == 'GET':
        next = request.path
        #return HttpResponse(next)
        if next == settings.LOGIN_URL:
            next = '/'
        return render_to_response('accounts/login.html', {'next': next})

    if request.method == "POST":
        username=request.POST.get("username")
        password=request.POST.get("password")
        if username == 'admin':
              result=1
        else:
              result=login_ldap(username,password)
        if result:
            form = LoginForm(request, data=request.POST)
            if form.is_valid():
                auth.login(request, form.get_user())
                return HttpResponseRedirect(request.POST['next'])
            else:
                error = form.errors
        else:
            error=u'请检查用户名和密码'
            return render(request, 'error.html', {'request': request, 'error': error})

    else:
        form = LoginForm(request)
    data = {'request': request, 'form': form,'error':error}
    return render_to_response('accounts/login.html',data)


def logout(request):
    auth.logout(request)
    return HttpResponseRedirect(settings.LOGIN_URL)


@login_required
def get_groups(request):
    group = Group.objects.values_list('id', 'name')
    groups = json.dumps([(i[0], i[1]) for i in group])

    return groups


@login_required
# @permission_required('accounts.get_user', raise_exception=True)
def accounts_user(request):
    user = request.user
    if user.is_superuser:
            data = {}
            user = User.objects.order_by('id')
            data = paginator(request, user)
            request.breadcrumbs((('首页', '/'), ('用户管理', reverse('accounts_user'))))

            return render_to_response('accounts/user/user.html', data)

    else:
        data= {}
        user1=User.objects.filter(fullname=str(user))
        data =paginator(request,user1)
        return render_to_response('accounts/user/user.html', data)

        # return HttpResponse(str(user))

@login_required
@permission_required('accounts.add_user', raise_exception=True)
def accounts_add(request):
    error = ""
    if request.method == "POST":
        groups = request.POST.getlist('groups')
        new_username = request.POST.get('username')
        username = User.objects.filter(username=new_username)
        form = UserForm(request.POST)
        if username:
            error = u'该账号已存在!'
        else:
            if form.is_valid():
                user = form.save(commit=False)
                user.set_password(form.cleaned_data['password'])
                user.save()
                user.groups.clear()
                user.groups.add(*groups)
                return HttpResponseRedirect(reverse('accounts_user'))
    else:
        form = UserForm()

    groups = get_groups(request)
    request.breadcrumbs((('首页', '/'), ('用户列表', reverse('accounts_user')), ('添加用户', reverse('accounts_add'))))

    return render(request, 'accounts/user/user_add.html',
                  {'request': request, 'form': form, 'error': error, 'groups': groups})


@login_required
#@permission_required('accounts.edit_user', raise_exception=True)
def accounts_edit(request):

            user1 = request.user
            error = ""
            id = request.GET.get('id')
            if id:
                try:
                    user = User.objects.get(id=id)
                    user.password = ""
                    form = UserForm(instance=user)
                    form.groups = (',').join([u.name for u in user.groups.all()]) if user.groups.all() else ''
                except:
                    error = u"不存在"
                    form = ""
            if request.method == "POST":
                groups = request.POST.getlist('groups')
                user = User.objects.get(id=id)
                old_password = user.password
                form = UserForm(request.POST, instance=user)
                if form.is_valid():
                    user = form.save(commit=False)
                    if user.password:
                        user.set_password(form.cleaned_data['password'])
                    else:
                        user.password = old_password
                    user.save()
                    if user1.is_superuser:
                       user.groups.clear()
                       user.groups.add(*groups)
                    return HttpResponseRedirect(reverse('accounts_user'))
            groups = get_groups(request)
            request.breadcrumbs((('首页', '/'), ('用户管理', reverse('accounts_user')), ('编辑用户', reverse('accounts_edit'))))
            return render(request, 'accounts/user/user_edit.html',
                          {'request': request, 'form': form, 'id': id, 'error': error, 'groups': groups})






@login_required
@permission_required('accounts.del_user', raise_exception=True)
def accounts_del(request):
    id = request.GET.get('id')
    if id:
        User.objects.filter(id=id).delete()
    return HttpResponseRedirect(reverse('accounts_user'))


@login_required
@user_passes_test(lambda u: u.is_superuser)
def accounts_group(request):
    data = {}
    group = Group.objects.order_by('id')
    users = User.objects.values_list('id', 'username', 'fullname')
    data = paginator(request, group)
    request.breadcrumbs((('首页', '/'), ('用户管理', reverse('accounts_user'))))
    data['users'] = json.dumps([(i[0], i[1], "%s(%s)" % (i[1], i[2])) for i in users])

    return render_to_response('accounts/user/group.html', data)


@login_required
@user_passes_test(lambda u: u.is_superuser)
def accounts_group_update(request):
    if request.method == "POST":
        group_name = request.POST.get('group_name')
        action = request.POST.get('action')
        ids = json.loads(request.POST.get('users')) if request.POST.get('users') else []
        try:
            group, created = Group.objects.get_or_create(name=group_name)
            group.user_set.clear()
            if ids:
                users = User.objects.filter(id__in=ids)
                group.user_set.add(*users)

        except Exception as e:
            print(e)

    return HttpResponseRedirect(reverse('accounts_group'))


@login_required
@user_passes_test(lambda u: u.is_superuser)
def accounts_group_del(request):
    id = request.GET.get('id')
    if id:
        Group.objects.filter(id=id).delete()
    return HttpResponseRedirect(reverse('accounts_group'))
